Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-3974

VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMware Remote Console for Mac or Horizon Client for Mac is installed.

Published

2020-07-10T14:15:10.483

Last Modified

2024-11-21T05:32:05.667

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	vmware	fusion	< 11.5.5	Yes
Application	vmware	horizon_client	< 5.4.3	Yes
Application	vmware	remote_console	< 11.2.0	Yes
Operating System	apple	macos	-	No

References

https://www.vmware.com/security/advisories/VMSA-2020-0017.html Patch, Vendor Advisory ([email protected])
https://www.vmware.com/security/advisories/VMSA-2020-0017.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)